Also, in 58% of organizations, both network and security personnel engage with those security insights, which indicates that these tools are providing value across silos. This is notable because it demonstrates that skills gaps are not preventing the security team from getting valuable information from NPM tools. It also suggests that network teams are building bridges with security teams by offering them useful information.
EMA asked research participants to identify the most valuable security insights available in their NPM tools today. More than half (52%) told us that network detection and response (NDR) or network traffic analysis (NTA) insights were delivering significant value. NDR and NTA technology monitors network traffic (packet data or network flow records) for anomalous or suspicious behavior. These technologies leverage machine learning and behavioral analytics rather than threat data and malware signatures, allowing for the detection of previously unidentified threats and attack methods. The prevalence of NDR and NTA insights in NPM tools is not surprising, given that most NPM vendors have introduced modules or products over the last five years that focus on these capabilities. These capabilities can serve as a frontline cybersecurity monitoring solution, or network teams can offer them to the security team as a supplemental view into traffic.
More than 43% of research participants told EMA that it’s useful to get health and performance reporting on network security infrastructure from their NPM tools. Network and security personnel can infer several things from this type of reporting. For instance, visibility into anomalous spikes in traffic hitting a network security appliance could indicate an attack. More importantly, overall insight into network security device state can ensure that security controls are performing as expected and not impacting applications and user experience. “We have some traffic monitoring tools that the security team is sometimes interested in using to troubleshoot the performance of their hardware,” a network engineering director at a Fortune 500 healthcare company told EMA. “For instance, is the firewall introducing issues?”
Additionally, 40% of IT professionals believe that it’s valuable for an NPM tool to be able to correlate abnormal network health and performance telemetry with indicators of compromise or suspicious behavior. This insight can help security teams with their investigations of suspect activity by adding context.
Finally, 32% of organizations see value from an NPM tool’s ability to conduct inventory assessments. Such tools will compare network device inventory data with product security vulnerability reports from their networking vendors, such as product security response team (PSIRT) alerts. This feature allows network teams to identify potential product vulnerabilities on their network and install patches and software updates to close them. This feature improves the network team’s ability to comply with an organization’s cybersecurity policies and standards. Organizations that have the most success with network and security team collaboration were more likely to identify inventory assessments as a valuable security feature in an NPM tool.
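The inventory assessment described above can be sketched as follows. This is an added example, not code from EMA or any NPM vendor; the platform names, advisory IDs, version ranges and hostnames are constructed placeholders, and real vendor advisory feeds use their own formats.

```python
import re
from dataclasses import dataclass

@dataclass(frozen=True)
class Device:
    hostname: str
    platform: str
    version: str

@dataclass(frozen=True)
class Advisory:
    advisory_id: str
    platform: str
    introduced: str  # first affected release
    fixed: str       # first fixed release

def version_key(version):
    """Turn '9.3.2a' into a comparable tuple: ((9, ''), (3, ''), (2, 'a'))."""
    parts = []
    for field in version.strip().split("."):
        m = re.fullmatch(r"(\d+)([A-Za-z]*)", field)
        if not m:
            raise ValueError(f"unparseable version field: {field!r}")
        parts.append((int(m.group(1)), m.group(2).lower()))
    return tuple(parts)

def assess(inventory, advisories):
    """Return (exposed, unknown): devices inside an affected range, and
    devices whose version could not be parsed and need manual review."""
    exposed, unknown = [], []
    for dev in inventory:
        for adv in advisories:
            if adv.platform.lower() != dev.platform.lower():
                continue
            try:
                running = version_key(dev.version)
            except ValueError:
                unknown.append((dev.hostname, adv.advisory_id))
                continue
            if version_key(adv.introduced) <= running < version_key(adv.fixed):
                exposed.append((dev.hostname, adv.advisory_id, adv.fixed))
    return exposed, unknown

# Constructed sample data (hypothetical platforms, hosts and advisory IDs).
INVENTORY = [Device("edge-fw-01", "ExampleOS", "9.2.1"),
             Device("core-sw-01", "ExampleOS", "9.4.0"),
             Device("dist-sw-02", "ExampleOS", "9.3.2a"),
             Device("branch-rtr-07", "OtherOS", "unknown")]
ADVISORIES = [Advisory("EXAMPLE-SA-0001", "ExampleOS", "9.2.0", "9.3.3"),
              Advisory("EXAMPLE-SA-0002", "OtherOS", "4.0.0", "4.2.1")]

if __name__ == "__main__":
    exposed, unknown = assess(INVENTORY, ADVISORIES)
    for host, adv_id, fixed in exposed:
        print(f"{host}: affected by {adv_id}, upgrade to {fixed} or later")
    for host, adv_id in unknown:
        print(f"{host}: version unreadable, review {adv_id} manually")
```

Devices with an unreadable version are reported separately rather than treated as unaffected, so a gap in inventory data does not hide a possible exposure.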
EMA’s advice
If your network team is trying to improve how it works with the security team, a strong NPM tool might be a good foundation for getting started. EMA recommends that you explore the security insights that your network monitoring vendors offer. Even good visibility into the health and performance of firewalls can help bridge the collaboration gap.